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A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 .136(a). In no event, however, may a reply be timely filed 
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- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
eamed patent term adjustment. See 37 CFR 1 .704(b). 

Status 

1 )^ Responsive to communication(s) filed on 18 March 2009 . 
2a )□ This action is FINAL. 2b)|3 This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213. 

Disposition of Claims 

4) ^ Clalm(s) 1-20 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) \Z\ Claim(s) is/are allowed. 

6) IEI Claim(s) 1-20 is/are rejected. 
?)□ Claim(s) is/are objected to. 

8) 0 Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) ^ The specification is objected to by the Examiner. 

10)^ The drawing(s) filed on 29 June 2006 and 18 March 2009 is/are: a)^ accepted or b)^ objected to by the 
Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 
1 1 )□ The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 
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a)^ All b)n Some * c)^ None of: 

1 .□ Certified copies of the priority documents have been received. 

2. n Certified copies of the priority documents have been received in Application No. . 

3. n Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 
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DETAILED ACTION 

1 . Claims 1-20 have been examined. 

Priority 

2. Acl<nowledgment is made of applicant's claim for priority based on a provisional 
application 60/5341 90 filed on 01/02/04 and PCT/IL2004/001191 filed on 12/30/04. 

Drawings 

3. The drawings are objected to because element 120 discussed in reference to Fig. 1 
(see the specification, pg. 6) is not found in Fig. 1 . Furthermore, Fig. 4 referenced 
by the specification (pg. 9-11) was not found in either of three pages of the drawings 
submitted on 6/29/06 and 3/18/09. 

Corrected drawing sheets are required in reply to the Office action to avoid 
abandonment of the application. Any amended replacement drawing sheet should 
include all of the figures appearing on the immediate prior version of the sheet, even 
if only one figure is being amended. The figure or figure number of an amended 
drawing should not be labeled as "amended." If a drawing figure is to be canceled, 
the appropriate figure must be removed from the replacement sheet, and where 
necessary, the remaining figures must be renumbered and appropriate changes 
made to the brief description of the several views of the drawings for consistency. 
Additional replacement sheets may be necessary to show the renumbering of the 
remaining figures. The replacement sheet(s) should be labeled "Replacement 
Sheet" in the page header (as per 37 CFR 1 .84(c)) so as not to obstruct any portion 
of the drawing figures. If the changes are not accepted by the examiner, the 
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applicant will be notified and informed of any required corrective action in the next 
Office action. The objection to the drawings will not be held in abeyance. 
Specification 

4. The disclosure is objected to because element 370 shown in Fig. 3 is not address in 

the disclosure. 
Appropriate correction is required. 

Claim Rejections - 35 USC § 101 

35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 

5. The claimed invention is directed to non-statutory subject matter. 

Based on Supreme Court precedent and recent Federal Circuit decisions, a 35 
U.S.C § 101 process must (1) be tied to a particular machine or (2) transform 
underlying subject matter (such as an article or materials) to a different state or 
thing. In re Bilski et al, 88 USPQ 2d 1385 CAFC (2008); Diamond v. Diehr, 450 U.S. 
175, 184 (1981); Parker v. Flook, 437 U.S. 584, 588 n.9 (1978); Gottschalk v. 
Benson, 409 U.S. 63, 70 (1972); Cochrane v. Deener, 94 U.S. 780,787-88 (1876). 

An example of a method claim that would not qualify as a statutory process would be 
a claim that recited purely mental steps. Thus, to qualify as a § 101 statutory 
process, the claim should positively recite the particular machine to which it is tied, 
for example by identifying the apparatus that accomplishes the method steps, or 
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positively recite the subject matter that is being transformed, for example by 
identifying the material that is being changed to a different state. The mere 
recitation of the machine in the preamble with an absence of a machine in the body 
of the claim fails to make the claim statutory under 35 USC 101 . Note the Board of 
Patent Appeals Informative Opinion Ex parte Langemyer et al. 

6. In the instant situation, not only an ordinary artisan would readily recognize that 
network servers cited in claim 1 , for example, could be implemented in software 
(which, unless used stored in hardware elements, i.e. executed by the processor or 
stored on the computer readable storage media, is non statutory) but in fact, claim 
1 1 for example, could the generic assessment of process authorization implemented 
on a peace of paper and/or ones mind. Lastly, the independent claim 1 1 , for 
example offers no useful result, as resulted in claim 12, for example. 

Appropriate correction is required. 

Claim Rejections - 35 USC §112 

The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out 
and distinctly claiming the subject matter which the applicant regards as his 
invention. 
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7. Claims 1-20 are rejected under 35 U.S.C. 112, second paragraph, as being 
indefinite for failing to particularly point out and distinctly claim the subject matter 
that applicant regards as the invention. 

8. The "sign in", "initial session type" and "hyperlink session address type" parameters 
recited in claims 7-9 and 17-19 are not clear and the specification offers no guidance 
in reference to understanding these terms. For purpose of the further examination 
these terms are treated as best understood. 

9. Similarly, it is not clear what constitutes of "replac[ing] redundant information in the 
process information vector" in claims 5 and 15. Besides the summary that 
essentially repeats the claim limitation, the only reference in the specification 
referring to the subject is paragraph 1 of pg. 9. However, the specification merely 
recite as follows: 

"...which may run simultaneously in complex environments, adding information which tracks 
every single process might severely burden the system's resources and degrade its performance. 
For this reason the preferred embodiment of the present security system is especially designed to 
overcome this problem. In order to economize the resources usage, the system uses redundant 
fields in the process information vector, such as the TTY process information field in the Unix 
operating system. The TTY process information holds the identification information of the terminal 
which initiated the process. Since the processes at hand are initiated by external sources and not 
via local terminals, this information is redundant and its memory allocation may be used for the 
purposes of the present security system, without jeopardizing the integrity of the environment. 
Other systems have other redundant fields in their session information vector which may be used 
for the same purpose" 

and, as a result, it is not clear whether the limitation simply refers to the use of 
particular term/value (i.e. TCP) for the same processes, whether the processes are 
grouped or whether there is some other intended meaning of the phrase. Thus, the 
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examiner is not able to clearly ascertain the metes and bounds of the claimed 
limitation and treats the limitation as best understood. 

10. The independent claims 1 and 1 1 suggest that in the claimed security system for 
preventing unauthorized processes activities within a network server environment 
" each process is associated to at least one identified communication session". It is 
not clear what " each process" refers to. Clearly, network systems utilize a variety of 
processes that have nothing to do with network communication (session). The 
limitation is especially confusing in light of limitations present in dependent claims 
(i.e. claim 2) that, if taken literally, would pose the question how such implementation 
is accomplished (i.e. how is the boot process checked/blocked). For the purpose of 
the initial examination, the examiner reads "each process" as "processes". 
However, it is noted that upon clarification of the term, the 112 first paragraph 
rejection may be exercised. 

1 1 . Lastly, it is not clear what consists of preamble and what of the limitations in claim 1 . 
Appropriate correction is required. 

Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(a) the invention was known or used by others in this country, or patented or described in a printed 
publication in this or a foreign country, before the invention thereof by the applicant for a patent. 
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12. Claims 1-8, 10-18 and 20 are rejected under 35 U.S.C. 102(a) as being anticipated 
by Carter (USPUB 2003/0051026). 

Carter discloses a security system for preventing unauthorized processes 
activities within a networit server environment, wherein each process is 
associated to at least one identified communication session and the process 
authorization Is determined in accordance with predefined rules, wherein said 
rules refer to the properties of the identified communication session (para 
[168], [341], [349], [383] and [393]), a filtering module installed on each server 
for blocking unauthorized processes activities in accordance with determined 
authorization (para [655-657] and [984), at least one agent installed on one of 
the protected servers within the server network environment, said agent 
enables correlating between processes and sessions on different servers 
(para [653-656], [665-667] and [671] Commander, Demons KnS, Agents and angels 
perform correlation and access control), for each process an identification code 
of the identified communication session is added to the process information 
vector (para [363]), the identification code replaces redundant information in 
the process Information vector (para [341-342]), the processes are associated 
to the Identified communication session by a unique process Identifier (para 
[342] and [346]), the identified session properties are sign in parameters (para 
[349]), the identified session properties are initial session type parameters 
(para [351] and [363]), and the communication session is identified according to 
a unique Transmission Control Protocol (TCP) port ID (para [349-351]). 
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Claim Rejections - 35 USC § 102 or 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the phor art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary sl^ill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

13. Claims 9 and 19 are rejected under 35 U.S,C. 102(a) as anticipated by or, in the 
alternative, under 35 U.S.C. 103(a) as obvious over Carter (USPUB 2003/0051026). 
Carter discloses a security system wherein each process is associated to at least 
one identified communication session and the process and the process authorization 
is determined in accordance with the predefined rules, wherein said rules refer to the 
properties of the identified communication session as discussed above. 

14. Carter does not explicitly recite that the identified session properties are hyperlink 
session address type parameters. However, not only carter discloses TCP but as 
seen in the background of the invention. Carter's invention pertains to hyperlink 
session address type parameters (i.e. para [21], [98], [301-302]), Fig. on pg. 5 etc.) 
but even if Carter did not include such parameters, Official Notice is taken using 
hyperlink session address type parameters as the identified session is old and well- 
known practice in computer security (see USPN 6476833, for example) and, one of 
ordinary skill in art at the time of applicant's invention would be motivated to include 
them given the benefit of final degree of security. 
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Conclusion 

Any inquiry concerning this communication or earlier communications from tine 
examiner should be directed to Peter Poltorak whose telephone number is (571) 272- 
3840. The examiner can normally be reached Monday through Thursday from 9:00 
a.m. to 4:00 p.m. and alternate Fridays from 9:00 a.m. to 3:30 p.m. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kambiz Zand can be reached on (571 ) 272-381 1 . The fax phone number 
for the organization where this application or proceeding is assigned is (571 ) 273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 

/Peter Poltorak/ 
Examiner, Art Unit 2434 
/Kambiz Zand/ 

Supervisory Patent Examiner, Art Unit 2434 



